diff --git a/source b/source index 562a173fb96..f352df123ec 100644 --- a/source +++ b/source @@ -779,7 +779,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute -

Writing secure applications with HTML

@@ -899,7 +898,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute attribute).

-

Common pitfalls to avoid when using the scripting APIs

@@ -1190,7 +1188,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute -
Errors that risk exposing authors to security attacks
@@ -1203,7 +1200,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
-
Cases where the author's intent is unclear
@@ -4489,7 +4485,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute neutral; leaving them in the DOM (for DOM processors), and styling them according to CSS (for CSS processors), but not inferring any meaning from them.

-

When support for a feature is disabled (e.g. as an emergency measure to mitigate a security problem, or to aid in development, or for performance reasons), user agents must act as if they had no support for the feature whatsoever, and as if the feature was not mentioned in this @@ -4497,7 +4492,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute interface, the attribute itself would be omitted from the objects that implement that interface — leaving the attribute on the object but making it return null or throw an exception is insufficient.

- @@ -39939,7 +39933,6 @@ dictionary TrackEventInit : EventInit { -
Security and privacy considerations
@@ -39981,7 +39974,6 @@ dictionary TrackEventInit : EventInit { product, then being able to read the subtitles would present a serious confidentiality breach.

-
Best practices for authors using media elements
@@ -59194,7 +59186,6 @@ interface HTMLDialogElement : HTMLElement { -
@@ -62025,11 +62016,9 @@ callback BlobCallback = undefined (Blob? blob); when invoked, must run these steps:

    -

  1. If this canvas element's bitmap's origin-clean flag is set to false, then throw a "SecurityError" DOMException.

    -

  2. If this canvas element's bitmap has no pixels (i.e. either its horizontal dimension or its vertical dimension is zero) then return the string "BlobCallback = undefined (Blob? blob);

-
The 2D rendering context
@@ -62467,12 +62455,10 @@ interface Path2D {

A CanvasRenderingContext2D object has an output bitmap that is initialized when the object is created.

-

The output bitmap has an origin-clean flag, which can be set to true or false. Initially, when one of these bitmaps is created, its origin-clean flag must be set to true.

-

The CanvasRenderingContext2D object also has an alpha boolean. When a @@ -80826,7 +80812,6 @@ dictionary DragEventInit : MouseEventInit { -

Security risks in the drag-and-drop model

@@ -80865,7 +80850,6 @@ dictionary DragEventInit : MouseEventInit {
- @@ -105618,7 +105602,6 @@ function receiver(e) { -

Security

@@ -105675,7 +105658,6 @@ function receiver(e) { attacks.

- @@ -106666,8 +106648,6 @@ function showLogout() { - -

Web workers

Introduction

@@ -126087,7 +126067,6 @@ interface External { 8bit (see the section on character encoding declarations) -
Security considerations:

Entire novels have been written about the security considerations that apply to HTML @@ -126119,7 +126098,6 @@ interface External { protected from cross-site request forgery attacks by unique tokens, and make use of any third-party resources exposed to or rights granted to that origin.

-
Interoperability considerations:
Rules for processing both conforming and non-conforming content @@ -126195,14 +126173,12 @@ interface External {
No optional parameters.
Encoding considerations:
binary
-
Security considerations:
Subresources of a multipart/x-mixed-replace resource can be of any type, including types with non-trivial security implications such as text/html.
-
Interoperability considerations:
None. @@ -126270,10 +126246,8 @@ interface External {
Same as for application/xml
Encoding considerations:
Same as for application/xml
-
Security considerations:
Same as for application/xml
-
Interoperability considerations:
Same as for application/xml
Published specification:
@@ -126343,14 +126317,12 @@ interface External {
Encoding considerations:
Not applicable.
-
Security considerations:

If used exclusively in the fashion described in the context of hyperlink auditing, this type introduces no new security concerns.

-
Interoperability considerations:
Rules applicable to this type are defined in this specification. @@ -126414,10 +126386,8 @@ interface External {
Same as for application/json
Encoding considerations:
8bit (always UTF-8)
-
Security considerations:
Same as for application/json
-
Interoperability considerations:
Same as for application/json
Published specification:
@@ -126496,7 +126466,6 @@ interface External {
Encoding considerations:
8bit (always UTF-8)
-
Security considerations:

An event stream from an origin distinct from the origin of the content consuming the event @@ -126511,7 +126480,6 @@ interface External { reconnect rapidly. Servers should use a 5xx status code to indicate capacity problems, as this will prevent conforming clients from reconnecting automatically.

-
Interoperability considerations:
Rules for processing both conforming and non-conforming content are defined in this